Hi all, We discovered that Security Groups don’t work in ACS 4.5+ when used with XenServer 6.5 due to ipset, sm/util.py changes. I’ve opened the issue here which was found to be reproducible by my colleagues Geoff and Abhi: https://issues.apache.org/jira/browse/CLOUDSTACK-8395
I’ve tried to fix it in a way such that vmops plugin would work on both XS 6.2 and 6.5 releases, here's the PR: https://github.com/apache/cloudstack/pull/186 One of the major changes it introduces it to use “nethash” instead of “iphash” when storing CIDRs received as part of a ingress/egress rule. I’m not sure how it will affect users that will upgrade to ACS 4.5, as a precaution I’ve added a change to flush and remove old ipset entry before adding a new one. (Assuming all network rule addition/removals are idempotent, as everytime we add/remove a rule, all rules are sent to be applied by the XS vmops plugins). Tim - since you’re one of the Xen gurus can you help review it and suggest any other changes? I wanted to bring this issue on dev ML since it’s a potential blocker for 4.5. I’m not sure if we officially support XS 6.5 on 4.4 branch, but if needed once we have a reviewed commit it can be cherry-picked on 4.4 as well. Regards, Rohit Yadav Software Architect, ShapeBlue M. +91 88 262 30892 | rohit.ya...@shapeblue.com Blog: bhaisaab.org | Twitter: @_bhaisaab Find out more about ShapeBlue and our range of CloudStack related services IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
